Edit: Since this writing, rs/cors has been identified as the easiest and best way to do CORS in Go.

/*
* Boilerplate for handling CORS preflighted requests.
* https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Preflighted_requests
*/packagemainimport("fmt""log""net/http""strings")// Define length of time results of preflight// can be cached// https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Access-Control-Max-AgevarMaxAge="60"// Define all allowed methods here.varAllowedMethods=map[string]bool{"GET":true,"POST":true,}// Define all allowed headers here.varAllowedHeaders=map[string]bool{"XPING":true,}// Define all allowed origins here.// Can be wildcard ("*") or exactly ONE URI (e.g. "www.nhatqbui.com")// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-OriginvarAllowedOrigins="*"funcgetKeys(mmap[string]bool)[]string{keys:=make([]string,0,len(m))fork:=rangem{keys=append(keys,k)}returnkeys}// Example method handling preflight requests and normal requests.funchandleAjaxHello(whttp.ResponseWriter,r*http.Request){ifr.Method=="OPTIONS"{// Handle pre-flight here.// Note: We begin by manually checking the headers of the preflight.// We can actually respond with the information communicated// in the response headers and the browser should handle// whether the subsequent is carried out. Here, we are being// very explicit and checking the headers ourselves.// Pre-flight will indicate the method of the actual request.// Check that the method is a member of the set of allowed methods.reqMethod,ok:=r.Header["Access-Control-Request-Method"]if!ok{// Handle unspecified methods here// In this example, we don't do anything and return.return}hasMethod:=falsefor_,method:=rangereqMethod{ifAllowedMethods[method]{hasMethod=truebreak}}if!hasMethod{// Handle incorrect methods here// In this example, we don't do anything and return.return}// Check that subsequent request will have appropriate headers.// This one is more nuanced. You should consider:// - should the request contain ALL allowed headers?// - or should the request headers be allowed headers// (but not necessarily containing all allowed headers)// Here, we just check that the request headers are allowed headers.// Whether it has-all-necessary-headers is not checked.reqHeaders,ok:=r.Header["Access-Control-Request-Headers"]if!ok{// Handle unspecified methods here.// In this example, we don't do anything and return.return}for_,headers:=rangereqHeaders{for_,header:=rangestrings.Split(headers,","){if!AllowedHeaders[header]{// Handle incorrect headers here// In this example, we don't do anything and return.return}}}// We arrived here, the preflight has passed our checks// And the subsequent request will be valid.w.Header().Set("Access-Control-Allow-Origin",AllowedOrigins)w.Header().Set("Access-Control-Allow-Methods",strings.Join(getKeys(AllowedMethods),","))w.Header().Set("Access-Control-Allow-Headers",strings.Join(getKeys(AllowedHeaders),","))w.Header().Set("Access-Control-Max-Age",MaxAge)}elseifr.Method=="POST"{varjsonStr=[]byte(fmt.Sprintf(`{"data":"PONG"}`))w.Header().Set("Content-Type","application/json; charset=utf-8")w.Write(jsonStr)}}funcmain(){http.HandleFunc("/ajax/hello",handleAjaxHello)err:=http.ListenAndServeTLS(":8080","./certs/testing.crt","./certs/testing.key",nil)iferr!=nil{log.Fatal("ListenAndServer: ",err)}}

The protobuf compiler will compile a version of the protobuf which has a syntax the python-protobuf, the package that allows you to do import google.protobuf, doesn’t understand. Specifically, all objects will be passed a syntax field to their __init__ function. Update Python protobuf by visiting the repo and getting the latest version.